Covert surveillance methods such as wiretapping and malicious modification of telephone systems pose a serious threat to the security of sensitive information in many industries. In particular, since telephones have become ubiquitous and contain all of the components needed to capture audio and transmit it to a remote location where it can be monitored, they have become a common target for eavesdropping attacks. While much focus has been given to interception of sensitive telephone calls, another common method of attack is to modify telephone systems to listen to and transmit the audio from a room, even when a call is not in progress. While many methods exist for detecting whether analog and basic unencrypted digital telephone systems are transmitting audio while on-hook, detection of the presence of audio on the Voice over IP (VoIP) telephony systems that have been gaining popularity over the last decade can usually not be accomplished using these traditional methods. Existing attempts to detect VoIP traffic within IP network traffic are numerous, but these are often protocol-specific and generally not designed to detect VoIP traffic that is intentionally attempting to evade detection and, as such, are unsuitable for use in counter-surveillance applications. Therefore, what is needed is an improved method of detecting the presence of VoIP data in network traffic that is not specific to a particular VoIP system and is not easily evaded.